[security-discuss] mailman config for security-discuss and security sponsored projects

2007-11-28 Thread Darren J Moffat
I'm planning on turning OFF the [security-discuss] tags inserted by mailman into the Subject: for all emails to this alias and to the following security community sponsored project lists: loficc-discuss, zfs-crypto-discuss, crypto-discuss, crypto-notify. I would like to request that the owners

[security-discuss] open source security documentation

2007-11-28 Thread Michelle Olson
Hi all, Did you know that the Solaris Trusted Extensions and security administration documentation is open source? Download the latest XML source files and HTML here: http://dlc.sun.com/osol/docs/downloads/current/ Directories beginning with TR contain the Trusted docs, the SYSADV6 directory c

[security-discuss] [zfs-discuss] xVm blockers!

2007-11-28 Thread Darren J Moffat
K wrote: > 4/ Poor exploit mitigation under Solaris. In comparison, OpenBSD, > grsec linux and Windows => XP SP2 have really good exploit > mitigation It is a shame because solaris offered a non-exec stack > before nearly everyone else... but it stopped there... no heap > protection, e

[security-discuss] [osol-discuss] New passwd switch?

2007-11-28 Thread Darren J Moffat
Nicolas Williams wrote: > On Tue, Nov 27, 2007 at 07:23:35AM -0800, Gary Winiger wrote: >> Secondly, Craig has hired someone to work on SMC. Once he gets >> up to speed, one of the tasks I've got planned for him is >> a general key=value extension so SMC will not continue to block >

[security-discuss] zlogging for non-root accounts

2007-11-28 Thread Darren J Moffat
Giovanni Schmid wrote: > I'm wondering if there is a way enabling non-root users to log into a zone > via zlogin. > I had supposed that using zlogin with the security attribute uid=0 could > work, but I was disappointed. Indeed, I edited /etc/security/exec_attr , > adding the line: > System Admi

[security-discuss] [osol-discuss] New passwd switch?

2007-11-28 Thread Glenn Faden
I agree that adding one or more generic advanced tabs to support new keywords is something that should be added to the SMC. We are looking into some of the details about how to do this. At a minimum we need to have some registration file that enumerates the valid keywords for each of the RBAC d

[security-discuss] [osol-discuss] New passwd switch?

2007-11-28 Thread Nicolas Williams
On Wed, Nov 28, 2007 at 11:11:20AM +, Darren J Moffat wrote: > For OpenSolaris I completely agree. However for Solaris the reason we > need SMC is that unlike nistbladm or ldapmodify or vi it actually audits > and uses authorisations to determine who can modify. We need this for > our Comm

[security-discuss] openssl and pkcs11_engine-0.9.8e.patch.2007-05-25

2007-11-28 Thread Jan
Hello, I think I'm in the same situation as Mark and I have a question about how can I handle private keys in openssl if I can't retrieve them from the HSM. I hope you are willing to help me. Here is my situation: I'm working on my own pkcs11 engine to support RSA operations. I have a pkcs11 pro